Hotline Privacy Notice

Last Modified: 11 July 2024

This privacy notice (“Notice”) describes how Wella Company, which includes Wella Company International Operations Switzerland S.à.r.l. (our headquarters) and its affiliates and subsidiaries1 (“Wella Company”, “we”, “us”, “our”, or similar) collect and use your personal data when you use the Wella Ethics & Compliance Hotline (the “Hotline”). In this Notice, personal data means information that (either in isolation or in combination with other information) enables you to be directly or indirectly identified (“personal data”). 

For the purposes of the Hotline, Wella Company is the data controller. 

If you want further information about the way Wella Company processes personal data please see the Wella Privacy Notice found at wellacompany.com/privacy-policy. If you are a Wella Company employee, please also refer to the Employee Privacy Notice. 

1 For more information 'About Us', please see here.

Who will process my personal data?

The Hotline is run by an independent third party, Convercent, by OneTrust on our behalf.

Convercent provides whistleblowing platform software and runs the telephone hotline. Any reports made by telephone are received by Convercent, which then sends the report to Wella Company. Reports submitted by other means (e.g., email) are received directly by Wella Company personnel. All investigations are handled by Wella Company personnel, although they may be supported by external experts. Because Wella Company is a global organisation, the reports may be investigated by Wella Company personnel in any of the countries in which there is a Wella Company presence. 

What personal data is collected when using the Hotline?

You are in control of what personal data you provide when you submit your report. Concerns can be raised anonymously where it is allowed by local law. If you wish to remain anonymous, please be aware that sometimes you may be identifiable from the information that you provide and other contextual information, so you should take care not to include any information that could be used to identify you in free text fields.

In any event, you can be assured that your confidentiality will be protected to the greatest extent possible, consistent with the need for us to conduct an adequate investigation and comply with any legal obligations to which we are subject. 

What is the legal basis for processing my personal data?

Any personal data you submit in connection with a hotline report will be processed solely for the purpose of, and to the extent necessary, to enable us to comply with our legal obligations and pursue our legitimate interest to investigating your report and take any necessary further action. 

Data Transfers

Wella Company is a global organization. To the extent permitted by applicable law, your personal data may be transferred to, stored or accessed by Wella Company personnel located around the globe.

When your personal data is transferred to (or accessed from) a country which has not been deemed ‘adequate’ by the ‘transferee’ country, we ensure that appropriate safeguards are implemented in accordance with applicable laws.

Security and Retention

We make every effort to keep your information secure and have technical and organizational measures in place to protect your personal data, including limiting who has access to the reports and any investigation.

In general, personal data in reports will be retained for two (2) years from the closure of the case. After 2 years, we will review the case to determine whether the data needs to be further retained, for example if it is required for ongoing litigation/internal proceedings, or to comply with local laws.

Please note that the retention period mentioned in the paragraph above does not apply to reports made in Portugal, involving Wella Company entities based in Portugal, and/or involving employees who were based in Portugal at the time the report was made. In such cases, the data will be retained for at least 5 years to comply with Portuguese law. 

Your Rights

Subject to applicable local laws, you have the right to request access to and to receive details about the personal data we process about you; request that certain personal data about you be rectified, erased, or restricted; or to object to the processing of your personal data in the context of a report to the Hotline.

If you have any questions or complaints relating to the processing of your personal data, please raise them with us directly. If you are not satisfied with our response, you may consult your local data protection authority. 

How to Contact Us

If you have any questions or comments about the Hotline, or if you would like to exercise your rights of access, correction, erasure, restriction, or objection to the processing of your personal data, please contact wella.data.privacy@wella.com.